ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UDC settings: pre-stage from server backups, fix arg format, action prompts

Browse Source 
Root cause found via decompiling UDC_Setup.exe: it never writes
udc_settings.json from CLI args. Instead it pulls
Settings_Backups\udc_settings_<num>.json from \\tsgwp00525\shared\SPC\UDC
-- which is unreachable at imaging time (no SFLD creds yet). Silent
File.Exists() false, settings never copy, UDC lands on Evendale defaults.

Fix: stage 80 udc_settings_*.json backups under
shopfloor-setup/Standard/udc-backups/ (same tree as ntlars-backups,
xcopy'd to C:\Enrollment\ by existing startnet.cmd). 00-PreInstall
pre-creates C:\ProgramData\UDC\udc_settings.json from the matching
backup BEFORE UDC_Setup.exe runs. Installer's server-side copy silently
fails (unreachable), our pre-staged file survives.

Also:
- preinstall.json UDC InstallArgs corrected: "West Jefferson" -9999
  (quoted spaced site + dash-prefixed number, confirmed via decompile)
- Update-MachineNumber.ps1 UDC.exe relaunch: quoted site + dash number
- Monitor-IntuneProgress: action prompts (Select Device Category after
  Phase 1; Initiate ARTS Lockdown after Phase 5/creds), Display flow
  (3-phase: Registration -> Config -> Lockdown), Phase 6 IME-based
  lockdown detection

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-04-16 08:44:34 -04:00
parent db55bd772a
commit 85e74e5dd1
84 changed files with 4419 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
View File

@@ -571,47 +571,40 @@ function Format-Snapshot {
}
$lines += " $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
$lines += ""
$lines += " ============================================"
foreach ($l in $lines) { Write-Host $l }
Write-Host " ============================================"
# Phase 1
# Phase 1: Intune Registration
$p1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled -and
$Snap.Phase1.EmTaskExists -and $Snap.Phase1.PoliciesArriving)
$p1Status = Get-PhaseStatus @(
@{ Ok = $Snap.Phase1.AzureAdJoined; Failed = $false },
@{ Ok = $Snap.Phase1.IntuneEnrolled; Failed = $false },
@{ Ok = $Snap.Phase1.EmTaskExists; Failed = $false },
@{ Ok = $Snap.Phase1.PoliciesArriving; Failed = $false }
)
$lines += $null # placeholder - rendered with color below
$p1Index = $lines.Count - 1
# Phase 6 / Lockdown (shared by both flows, rendered last)
$p6Status = Get-PhaseStatus @(
@{ Ok = $Snap.Phase6.RemediationApplied; Failed = $false },
@{ Ok = $Snap.Phase6.DetectionPassed; Failed = $false }
)
if (-not $skipDsc) {
# Phase 2
$phase1Done = ($Snap.Phase1.AzureAdJoined -and $Snap.Phase1.IntuneEnrolled)
$phase2Done = ($Snap.Phase2.SfldRoot -and $Snap.Phase2.FunctionOk -and $Snap.Phase2.SasTokenOk)
# ---- Standard / CMM / etc. (DSC flow) ----
# Phases: 1 Registration -> 2 Config -> 3 Deployment -> 4 Apps -> 5 Creds -> 6 Lockdown
$p2Done = ($Snap.Phase2.SfldRoot -and $Snap.Phase2.FunctionOk -and $Snap.Phase2.SasTokenOk)
$p2Status = Get-PhaseStatus @(
@{ Ok = $Snap.Phase2.SfldRoot; Failed = $false },
@{ Ok = $Snap.Phase2.FunctionOk; Failed = $false },
@{ Ok = $Snap.Phase2.SasTokenOk; Failed = $false }
)
$lines += $null
$p2Index = $lines.Count - 1
$p2Action = $null
if ($phase1Done -and -not $phase2Done) {
$p2Action = ' >> Assign device category in Intune portal'
}
# Phase 3
$p3Status = Get-PhaseStatus @(
@{ Ok = $Snap.Phase3.DeployComplete; Failed = $false },
@{ Ok = $Snap.Phase3.InstallComplete; Failed = $false }
)
$lines += $null
$p3Index = $lines.Count - 1
# Phase 4
$p4HasFailed = $false
$p4AllDone = $true
$p4AnyStarted = $false
$p4HasFailed = $false; $p4AllDone = $true; $p4AnyStarted = $false
if ($Snap.Phase4 -and $Snap.Phase4.Count -gt 0) {
foreach ($s in $Snap.Phase4) {
if ($s.Status -eq 'failed') { $p4HasFailed = $true }
@@ -619,73 +612,53 @@ function Format-Snapshot {
if ($s.Status -ne 'pending') { $p4AnyStarted = $true }
}
} else { $p4AllDone = $false }
$p4Status = if ($p4HasFailed) { 'FAILED' }
elseif ($p4AllDone) { 'COMPLETE' }
elseif ($p4AnyStarted) { 'IN PROGRESS' }
else { 'WAITING' }
$lines += $null
$p4Index = $lines.Count - 1
$p4Status = if ($p4HasFailed) { 'FAILED' } elseif ($p4AllDone) { 'COMPLETE' } elseif ($p4AnyStarted) { 'IN PROGRESS' } else { 'WAITING' }
# Phase 5
$p5Done = ($Snap.Phase5.ConsumeCredsTask -and $Snap.Phase5.CredsPopulated)
$p5Status = Get-PhaseStatus @(
@{ Ok = $Snap.Phase5.ConsumeCredsTask; Failed = $false },
@{ Ok = $Snap.Phase5.CredsPopulated; Failed = $false }
)
$lines += $null
$p5Index = $lines.Count - 1
# Phase 6
$p6Status = Get-PhaseStatus @(
@{ Ok = $Snap.Phase6.RemediationApplied; Failed = $false },
@{ Ok = $Snap.Phase6.DetectionPassed; Failed = $false }
)
$lines += $null
$p6Index = $lines.Count - 1
# Render
Write-Host ' 1. Intune Registration ' -NoNewline; Format-StatusTag $p1Status; Write-Host ''
if ($p1Done -and -not $p2Done) {
Write-Host ' >> Select Device Category in Intune portal' -ForegroundColor Yellow
}
Write-Host ' 2. Device Configuration ' -NoNewline; Format-StatusTag $p2Status; Write-Host ''
Write-Host ' 3. Software Deployment ' -NoNewline; Format-StatusTag $p3Status; Write-Host ''
Write-Host ' 4. Application Install ' -NoNewline; Format-StatusTag $p4Status; Write-Host ''
Write-Host ' 5. Credential Setup ' -NoNewline; Format-StatusTag $p5Status; Write-Host ''
if ($p5Done -and $p6Status -ne 'COMPLETE') {
Write-Host ' >> Initiate ARTS Lockdown request' -ForegroundColor Yellow
}
Write-Host ' 6. Lockdown ' -NoNewline; Format-StatusTag $p6Status; Write-Host ''
} else {
# ---- Display (no DSC, no credentials) ----
# Phases: 1 Registration -> 2 Device Configuration -> 3 Lockdown
# Device Configuration for Display = policies arriving from Intune.
$p2DisplayDone = $Snap.Phase1.PoliciesArriving
$p2DisplayStatus = if ($p2DisplayDone) { 'COMPLETE' }
elseif ($p1Done) { 'IN PROGRESS' }
else { 'WAITING' }
Write-Host ' 1. Intune Registration ' -NoNewline; Format-StatusTag $p1Status; Write-Host ''
if ($p1Done -and -not $p2DisplayDone) {
Write-Host ' >> Select Device Category in Intune portal' -ForegroundColor Yellow
}
Write-Host ' 2. Device Configuration ' -NoNewline; Format-StatusTag $p2DisplayStatus; Write-Host ''
if ($p2DisplayDone -and $p6Status -ne 'COMPLETE') {
Write-Host ' >> Initiate ARTS Lockdown request' -ForegroundColor Yellow
}
Write-Host ' 3. Lockdown ' -NoNewline; Format-StatusTag $p6Status; Write-Host ''
}
$lines += " ============================================"
$lines += ""
Write-Host " ============================================"
Write-Host ""
$sinceSync = ((Get-Date) - $LastSync).TotalSeconds
$untilNext = ($NextRetrigger - (Get-Date)).TotalSeconds
$lines += " Last sync: $(Format-Age $sinceSync) ago | Next: $(Format-Age $untilNext)"
Write-Host " Last sync: $(Format-Age $sinceSync) ago | Next: $(Format-Age $untilNext)"
# --- Render with color ---
# Lines are printed manually so phase rows get colored status tags.
# $lines entries that are $null are phase-row placeholders rendered
# inline with Format-StatusTag.
for ($i = 0; $i -lt $lines.Count; $i++) {
if ($null -eq $lines[$i]) {
# Phase row: print label then colored tag
if ($i -eq $p1Index) {
Write-Host ' 1. Intune Registration ' -NoNewline; Format-StatusTag $p1Status; Write-Host ''
}
elseif (-not $skipDsc -and $i -eq $p2Index) {
Write-Host ' 2. Device Configuration ' -NoNewline; Format-StatusTag $p2Status; Write-Host ''
if ($p2Action) { Write-Host $p2Action -ForegroundColor Yellow }
}
elseif (-not $skipDsc -and $i -eq $p3Index) {
Write-Host ' 3. Software Deployment ' -NoNewline; Format-StatusTag $p3Status; Write-Host ''
}
elseif (-not $skipDsc -and $i -eq $p4Index) {
Write-Host ' 4. Application Install ' -NoNewline; Format-StatusTag $p4Status; Write-Host ''
}
elseif (-not $skipDsc -and $i -eq $p5Index) {
Write-Host ' 5. Credential Setup ' -NoNewline; Format-StatusTag $p5Status; Write-Host ''
}
elseif (-not $skipDsc -and $i -eq $p6Index) {
Write-Host ' 6. Lockdown ' -NoNewline; Format-StatusTag $p6Status; Write-Host ''
}
} else {
Write-Host $lines[$i]
}
}
if ($skipDsc) {
Write-Host ''
Write-Host " (Phases 2-6 not applicable for $pcType)" -ForegroundColor DarkGray
}
# Return empty - we rendered directly via Write-Host for color support.
return @()
}
@@ -900,10 +873,10 @@ try {
Invoke-SetupComplete
}
# No-DSC types (Display, Lab): complete once Phase 1 identity is solid
if ($skipDsc -and $snap.Phase1.AzureAdJoined -and $snap.Phase1.IntuneEnrolled -and $snap.Phase1.PoliciesArriving) {
Write-Host ""
Write-Host "Phase 1 complete - no DSC needed for $pcType. Finishing up." -ForegroundColor Green
# No-DSC types (Display): wait for lockdown just like DSC types.
# Display skips Phases 3-5 (no DSC/creds) but still needs the
# Intune Remediation lockdown to land before we reboot.
if ($skipDsc -and $snap.LockdownComplete) {
Invoke-SetupComplete
}

7
playbook/shopfloor-setup/Shopfloor/lib/Update-MachineNumber.ps1
View File

@@ -129,10 +129,9 @@ function Update-MachineNumber {
# --- Relaunch UDC with new args ---
if ((Test-Path $script:UdcExePath) -and $out.UdcUpdated) {
try {
# UDC.exe arg signature: positional compact-site (no space), then
# dash-prefixed machine number. Example: UDC.exe WestJefferson -7605
$siteCompact = ($Site -replace '\s+','')
Start-Process -FilePath $script:UdcExePath -ArgumentList @($siteCompact, "-$NewNumber")
# UDC.exe arg signature: quoted site name (with space), then
# dash-prefixed machine number. Example: UDC.exe "West Jefferson" -7605
Start-Process -FilePath $script:UdcExePath -ArgumentList @("`"$Site`"", "-$NewNumber")
} catch {
$out.Errors += "UDC relaunch failed: $_"
}